cbcvebase.
CVE-2024-25029
published 2024-04-06

CVE-2024-25029: IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation…

PriorityP260critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
0.79%
51.6th percentile
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.

Affected

5 ranges
VendorProductVersion rangeFixed in
ibmpersonal_communications
ibmpersonal_communications
ibmpersonal_communications
ibmpersonal_communications
ibmpersonal_communications14.0.6 – 15.0.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.